[ Java 常見問題 ] Ignoring SSL certificate in Apache HttpClient 4.3

Source From Here
Preface
How to ignore SSL certificate (trust all) for Apache HttpClient 4.3? All the answers that I have found are previous versions, and the API changed. Related:

* How to ignore SSL certificate errors in Apache HttpClient 4.0
* How to handle invalid SSL certificates with Apache HttpClient?
* Need to trust all the certificates during the development using Spring
* Ignore SSL Certificate Errors with Java

How-To
The code below works for trusting self-signed certificates. You have to use the TrustSelfSignedStrategy when creating your client:

view plaincopy to clipboardprint?

1. SSLContextBuilder builder = new SSLContextBuilder();  
2. builder.loadTrustMaterial(null, new TrustSelfSignedStrategy());  
3. SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(  
4.         builder.build());  
5. CloseableHttpClient httpclient = HttpClients.custom().setSSLSocketFactory(  
6.         sslsf).build();  
7.   
8. HttpGet httpGet = new HttpGet("https://some-server");  
9. CloseableHttpResponse response = httpclient.execute(httpGet);  
10. try {  
11.     System.out.println(response.getStatusLine());  
12.     HttpEntity entity = response.getEntity();  
13.     EntityUtils.consume(entity);  
14. }  
15. finally {  
16.     response.close();  
17. }  

I did not include the SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER on purpose: The point was to allow testing with self signed certificates and not having to acquire a proper certificate from a certification authority. You can easily create a self-signed certificate with the correct host name, so do that instead of adding the SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER flag.

Below is an example of accessing "HttpComponents Downloads" page:

view plaincopy to clipboardprint?

1. package test;  
2.   
3. import org.apache.http.HttpEntity;  
4. import org.apache.http.client.methods.CloseableHttpResponse;  
5. import org.apache.http.client.methods.HttpGet;  
6. import org.apache.http.conn.ssl.SSLConnectionSocketFactory;  
7. import org.apache.http.conn.ssl.TrustSelfSignedStrategy;  
8. import org.apache.http.impl.client.CloseableHttpClient;  
9. import org.apache.http.impl.client.HttpClients;  
10. import org.apache.http.ssl.SSLContextBuilder;  
11. import org.apache.http.util.EntityUtils;  
12.   
13. public class HttpsGetEx {  
14.     public static void main(String[] args) throws Exception   
15.     {  
16.         SSLContextBuilder builder = new SSLContextBuilder();    
17.         builder.loadTrustMaterial(null, new TrustSelfSignedStrategy());    
18.         SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(    
19.                 builder.build());    
20.         CloseableHttpClient httpclient = HttpClients.custom().setSSLSocketFactory(    
21.                 sslsf).build();    
22.             
23.         HttpGet httpGet = new HttpGet("https://hc.apache.org/downloads.cgi");    
24.         CloseableHttpResponse response = httpclient.execute(httpGet);    
25.         try {    
26.             System.out.println(response.getStatusLine());    
27.             HttpEntity entity = response.getEntity();    
28.             System.out.printf("\t[Info] Page Content:\n%s\n", EntityUtils.toString(entity));  
29.         }    
30.         finally {    
31.             response.close();    
32.         }  
33.     }  
34. }